Guard Against a Botnet Attack

WordPress Security: How to Protect Yourself from a Botnet Attack

This how-to assumes that you have a basic knowledge of WordPress and are able to upgrade and install plugins.

There are a number of things you should do to ensure that your WordPress website does not fall victim to the recent spate of WordPress botnet attacks.

Step One: Use this free online tool to check whether your site has been infected (it will also tell you if you’re using outdated software).

Step Two: Ensure that you do not have a user called ‘admin’. To check this:-

  1. Log in to your WordPress Administration Panel (http://www.yourdomain/wp-admin).
  2. Select Users from the left hand menu.
  3. If you see an admin username, add a new user for yourself (ensuring that the role is set to Administrator) and log out.
  4. Log back in as the new user, select Users from the left hand menu and delete the admin account.

Step Three: Ensure that you are using the latest version of WordPress. Either use the tool in step one, or log into your WordPress Administration Panel and take a look at the top of the screen. If you see a yellow bar that says ‘WordPress x.x.x is available. Please update now’, then your version of WordPress is out of date.

It is important to always have the latest version of WordPress, as this will contain the latest security features.

If your version of WordPress is out of date, do the following:-

  1. Back up your WordPress install – you can install this plugin that will back everything up and allow you to download it to your own computer. Updates do not always go smoothly so this step is critical.
  2. Click the upgrade link, located within the yellow bar at the top, and follow the upgrade instructions.
  3. Check your website to ensure that everything is working as expected. It is possible in some instances for updates to interfere with older plugins (this is why step 1 is so critical!)

Luckily WordPress makes the upgrade procedure easy, so all being well the process should be very smooth.

Step Four: Install this plugin that limits the number of attempts that can be made on a password. Once the limit (which you can set) is reached, it will lock the account for a specified period of time to prevent further attempts.

Step Five: Whatever user account you are using, make damn sure you have a strong password! This is true for any password! Here are some tips for choosing strong passwords:-

  1. Try to use a minimum of 8 characters
  2. Use at least one number
  3. Use a mixture of uppercase and lowercase letters
  4. Use at least one special character (e.g. @, $, ^, ! etc.)
  5. Never use words you’ll find in a dictionary
  6. NEVER use obvious passwords such as ‘password’
  7. Your password should never be the same as your username.
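The seven tips above can be checked mechanically before a password is accepted. The following is an added example, not part of the original post: the function name `check_password` and the two short word lists are assumptions constructed for illustration.

```python
import string

# Constructed sample lists (assumption): a real check would load a full
# dictionary and a list of commonly used passwords.
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "wordpress", "letmein"}
OBVIOUS_PASSWORDS = {"password", "123456", "12345678", "qwerty", "admin", "letmein"}


def check_password(password, username):
    """Return the list of tips from the post that the password fails."""
    failures = []
    if len(password) < 8:
        failures.append("use a minimum of 8 characters")
    if not any(c.isdigit() for c in password):
        failures.append("use at least one number")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        failures.append("use a mixture of uppercase and lowercase letters")
    if not any(c in string.punctuation for c in password):
        failures.append("use at least one special character")
    # Strip digits and symbols so that 'Dragon2013!' is still seen as 'dragon'.
    letters_only = "".join(c for c in password if c.isalpha()).lower()
    if letters_only in DICTIONARY_WORDS:
        failures.append("never use words you'll find in a dictionary")
    if password.lower() in OBVIOUS_PASSWORDS:
        failures.append("never use obvious passwords")
    if password.lower() == username.lower():
        failures.append("password should never be the same as your username")
    return failures


if __name__ == "__main__":
    # Constructed sample accounts; only the username is printed, never the password.
    samples = [("admin", "admin"), ("editor", "Dragon2013!"), ("editor", "tR7#vq9!Lm2x")]
    for user, pw in samples:
        problems = check_password(pw, user)
        print(f"{user}: {'OK' if not problems else '; '.join(problems)}")
```

Note that a dictionary word dressed up with a capital letter, a year and a symbol passes tips 1 to 4 but still fails tip 5.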

I hope this helps. Remember, if you’re an Adira customer and have any doubts then please don’t hesitate to call on 0845 6121199.

Friday, October 18th, 2013 at 7:15 am  |  Security